CVE-2014-2737

Published Apr 22, 2014

Last updated 3 months ago

CVSS info 7.5

Overview

Description: SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:knowledgetree:knowledgetree:3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88CA7829-6C3A-4E2F-97CF-A9BA6956F442"
          },
          {
            "criteria": "cpe:2.3:a:knowledgetree:knowledgetree:3.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "117AAEF5-5C84-4EE0-A333-4ABC2D9E4B4C"
          },
          {
            "criteria": "cpe:2.3:a:knowledgetree:knowledgetree:3.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92246B9D-43EA-40A2-9E72-A8229339C608"
          },
          {
            "criteria": "cpe:2.3:a:knowledgetree:knowledgetree:3.5.4a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC747244-2291-4FA4-8BA7-A438811D950B"
          },
          {
            "criteria": "cpe:2.3:a:knowledgetree:knowledgetree:3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2983EEC6-DDF7-4A22-B87A-505E695D6F31"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:knowledgetree:knowledgetree:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36DC3309-71B0-4DD9-A186-169190AA1395",
            "versionEndIncluding": "3.7.0.2"
          },
          {
            "criteria": "cpe:2.3:a:knowledgetree:knowledgetree:3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A25E0B0-A83F-4D50-94D7-AAA237664386"
          },
          {
            "criteria": "cpe:2.3:a:knowledgetree:knowledgetree:3.7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3D3531A-1A65-40CD-97D0-5A3E09187695"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References